The so-called Nikel cyber espionage attack group - aka APT15, Vixen Panda, KE3CHANG, Royal APT, and Playful Dragon - has been in Microsoft's sights since 2016.
Microsoft's Digital Crimes Unit (DCU) has seized websites used by a China-based cyber-espionage hacking team to wage cyberattacks on government agencies, think tanks, and human rights organizations in some 29 countries, including the US.
The hacking group, dubbed Nickel by Microsoft, is also known as APT15, Vixen Panda, KE3CHANG, Royal APT, and Playful Dragon.
The disruption of the threat group's infrastructure came via a court order granted to Microsoft by the US District Court for the Eastern District of Virginia and unsealed today.
"Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities," wrote Tom Burt, vice president of customer security and trust, in a post announcing the news today. "Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks."
Microsoft's Threat Intelligence Center has been monitoring Nickel since 2016 and studying the groups cyber-espionage campaigns via the infrastructure since 2019. The attackers targeted unpatched Exchange Server and SharePoint systems.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024